UC520 expansion port (VLAN question?)

I have a working UC520 with a few issues which I am trying to sort out. I need to implement phones in a separate room/building (local to this site, just different switch) plus later in this project, at a user's home.

Broadly it works fine with IP phones plugged in to the 8 built in ports, but I see an issue as soon as I try to use the expansion port.

Target configuration is as follows;

A cabinet containing UC520, an ASA5505 and an 887VA DSL router. Router fairly obviously feeds directly to the WAN side of the ASA.

LAN side of the ASA is connected to the expansion port of the UC520, ASA connects to another switch (old HP switch) which links to another building.

This other building contains a Cisco SF300-24 switch which has a 7960 phone connected.

UC520 ports connect to phones + PCs in that office, plus AP1242 wireless AP.

Expansion port is configured to support 'Phone+PC' which should give LANs 1 and 100

In this config, any phones plugged in to the ASA get a data network IP address, and can't register.

When I use a dumb switch connected to the UC520 expansion port (HP unmanaged 8 port desktop 1Gb) then phones plugged in to the dumb switch work fine.

SO: First problem appears to be the switch ports on the ASA are not dealing with the VLANs properly?

Relevent part of the ASA config is;

interface Ethernet0/0
 switchport access vlan 2
interface Ethernet0/1
 switchport trunk allowed vlan 1,100
 switchport mode trunk
interface Ethernet0/2
 switchport trunk allowed vlan 1,100
interface Ethernet0/3
 switchport trunk allowed vlan 1,100
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
 nameif inside
 security-level 100
 ip address 
 ipv6 address fd20:8195:ef9:1::1/64
 ipv6 enable
 ospf cost 10
interface Vlan2
 nameif outside
 security-level 0
 ip address <Our-External-IP> 
 ospf cost 10


same-security-traffic permit inter-interface
same-security-traffic permit intra-interface

Can anyone see my issue, so at least I can progress with VLANs being passed correctly by the ASA?

Use a Cisco switch and you should be fine.

The ASA should either be connected to the WAN port of the UC or at worst the LAN port, not the Expansion port, the ASA is not a switch and you should reserve the expansion port of the UC for a switch.

You also need to consider upgrading the HP switch to at worst a 10 port SF-300 series switch, this way all VLAN's are honored from end to end, this will curb your problems pretty much instantly... However if you cannot change the HP switch and it is VLAN aware, then at least make it known to all the VLAN's the UC uses and associate them to all the ports.

Hope this helps you out



Sorry for the delay in returning to this thread... many projects on.

Thanks for the advice.

I was trying to just utilise the spare ports on the ASA as normal switch ports as I happen to have these available in this location. If the ASA ports can't be used as normal switch ports then the next option is to add a real switch.

I may need to retest this as I am not 100% sure, but I temporarily bypassed the HP kit so we had just the SF300-24 between the IP phone and the UC520 and still it didn't do what I hoped (i.e. the phone gets a data LAN IP so it implies the VLANs are not getting through the SF300 either).

I thought that CDP would sort out the path through... but maybe I need to do a little more research on this.

I am actually testing on our own network at present, but I have a customer deplyment I am planning. I have to be able to confidently advise them that a change to Cisco 300 series switches will work for them when they deploy Cisco VoIP later this year.

So, first question is, do the 300 series work by auto configuration (CDP) or is it necessary to do a manual config for the voice VLANs?



Update: This issue is now solved.

I reset the SF300-24 back to factory defaults and the auto voice VLAN started working correctly. I guess I must have disabled or overridden this with a manual configuration that was incorrect.

We now have a cheap HP unmanaged switch in the UC520/ASA5505 cabinet linking back to the remainder of the network, which is supported by the SF300-24.

Phones on the SF300 now work as they should, as (obviously) so do those plugged in to the UC520.

As it happens, phones plugged in to the HP switch (with their own local power as it is not a PoE switch) also work.

For reference, the HP switch that does pass the VLANs correctly is a 1400-8G

(I would prefer to use the Cisco kit end to end... but sometimes we have to work with what we have available).

Customer deployment I mentioned that this was a test for, has gone ahead with SG300-20 and SG300-28P switches. No voice kit in there yet, but at least the network is ready.

Thanks for the suggestions


